UPDATE: We now have a confirmed sighting of the patch blocking notification on an A6-8570 processor, which is an older “6th generation” processor that should not be affected.

Another UPDATE: Ed Bott reminded me that Microsoft’s support for Skylake processors is limited to the specific machines linked from this Microsoft help post. Upshot is that Win7 and 8.1 patches will work on those specific machines, and may not work on others. In particular, if you build your own machine with a Skylake processor, Microsoft has made no guarantee that it will allow you to install Win7/8.1 patches on it.

I can’t find a similar list for AMD 6th generation processors. Please let me know if you find one!

Needless to say, don’t download or install the March preview update, and keep a far distance from the April updates when they drop until Woody says otherwise.
This is going to REALLY muddy up the waters going forward….

Yeah, Woody, I think you’re right; it looks like it may be a Bristol Ridge.
I’m not finding much on this particular APU, but after trying to cobble together some info:
– There are 28nm Carrizo and 28nm Bristol Ridge A6 CPU’s, the main difference between them being the DDR3 vs DDR4 support where Carrizo is the former, and BR is the latter.
– My above CPU-World link claims the CPU core is Carrizo PRO, but says it’s not confirmed; CPU-Upgrade says it’s a Bristol Ridge PRO and lists several other CPU’s as possible upgrades (that are also BR PRO architecture).

See attached screenshot, which is an AMD Excavator CPU, not Ryzen. That’s a supported CPU.

Windows 7 and Windows 8.1 will continue to be supported for security, reliability, and compatibility on prior generations of processors and chipsets under the standard lifecycle for Windows. This includes most devices available for purchase today by consumers or enterprises and includes generations of silicon such as AMD’s Carrizo and Intel’s Broadwell and Haswell silicon generations.

To me, it is very irresponsible for Microsoft to do that, as they just risk having more users not patched since there is probably no technical reason to block the unsupported CPUs from getting updates.

Microsoft has a certain responsibility to not help the Internet becomes more riddled with defective software that can be easily hacked and used against others. Here, I think we have a case where they are acting purposefully irresponsible and unethical.

It is one thing to not take advantage of the latest features of a CPU, it is another to block them for marketing purposes while making the rest of the Internet community less secure.

Sure, maybe the issue won’t reach huge proportions has b suggested, but still, on a theoretical level, it is a new low in corporate greed and unethical behavior.

Plus, can I say it is contrary to everything that made Windows what is is, the fact that it was an open system where everyone could create a new hardware, make drivers and be compatible with it? This is in huge part what made Apple much less appealing in the past and ended up in Windows dominating the personal computer world.

What is the value of ongoing updates from Microsoft for older operating systems?

Patches from Microsoft traditionally have done two things:

Fixed latent bugs.

Patched security holes that have subsequently been discovered.

Item 1 above is almost moot for Windows 7 and 8 systems. I have personally got both those OSs on hardware systems that run for months on end without fault, and on which application software runs quite reliably. In short: I don’t think there are a lot of latent bugs to be fixed. Not showstoppers anyway. People are using their older systems to get work done.

Item 2 is kind of a special case of item 1 because folks feel a need for Microsoft to patch security holes so that malware is blocked. No one wants a virus or worm or ransomware to infect them. And we collectively don’t want a bunch of systems out there spreading malware to others.

But let’s not forget that malware isn’t ONLY blocked by Microsoft’s having patched security holes. There are a variety of ways to block malware, and some not widely known are very, very effective. I personally have systems set up to where malware never even gets near infecting them, and I’m not blocked from doing the things others enjoy, so I know it can be done.

And let’s ALSO not forget that Microsoft may actually be coding more security holes into its system with its patches. There’s no more guarantee they do perfect work on patches than they originally did! In fact we see plenty of new problems e.g., with the March updates. The plain fact is that we really don’t yet know whether those updates have opened any new security holes. For all we know, they may cause two new vulnerabilities for every one they fix. The mindset of a programmer patching a hole is WAY different than the mindset of someone designing a software package. That’s not insignificant! And look at the history… Has malware infection gone way down recently?

Let’s not forget that XP didn’t just roll over and die when Microsoft stopped “support”. It was still in use at the medical lab I visited a few days ago.

Lastly, patches are costing we users more and more time and effort. Not only because of technical trouble afterward, but because folks are now necessarily more wary, and are doing more things up front to try to protect themselves (Group B anyone?).

And so item 2 becomes a question something like this:

———————————————————————————————————-If on a given system Microsoft simply doesn’t patch any further security holes in Windows 7 or 8, is the user actually worse off?
———————————————————————————————————-

I don’t think the answer is cut and dried, especially given the changes we’ve seen at Microsoft lately. It’s something I think needs further discussion.

———————————————————————————————————- If on a given system Microsoft simply doesn’t patch any further security holes in Windows 7 or 8, is the user actually worse off? ———————————————————————————————————-

And I’d love for you to have that choice. But I’m not in charge of the changes that are seeking to deny people of it.

What I *AM* interested in is why people still think they want to update their older systems, when everything observed about Microsoft is that they’re going further and further down the road the kinds of folks who still run older operating systems don’t want to follow on.

Is it that people don’t yet realize what Microsoft is doing or becoming and are still optimistic?

Is it that people think that even though Microsoft has generally turned to the dark side there’s still good in it?

Is it that people don’t want to worry about details and would like to just turn over control to Microsoft (yet somehow they still don’t want Windows 10)?

Is it an unwillingness to let go of something that has always been a certain way?

Why do you feel updates have value for you?

I’m not being critical or judgmental; each person is entitled to their own opinions. I just don’t know what they are.

I have used Microsoft software from the start and have personally always felt there was some value in keeping current, but I’m not unwilling to re-evaluate the balance between upside and downside and make changes in my policies. I’ve already made changes in managing my own Win 7 systems, and am currently not in any hurry to install current updates into Win 8.1.

-Noel

1 user thanked author for this post.

I don’t’ see how this will turn out very well… if they are daft enough to be using something like CPUID to detect processor information/”generation”, then this would also potentially block patches on Windows 7 running on virtual machines where the host has the affected hardware.

At least in VMWare I believe you can overwrite/mask the real CPUID by changing the specifications in the VMX files, assuming that is the method they are using, but that is a terrible hack that shouldn’t be necessary.

3 users thanked author for this post.

“But if Microsoft itself is going to disable Windows Update, who am I to argue?”

It was boring enough for the last 2-3 months. Imagine how it would be if this would be forever.
We would have to focus on Apple Update, Chrome Update or Firefox Update then and most of the fun would be lost.
🙂 🙂 🙂

PS Watch out the imminent release of iOS 10.3 with the new Apple file system upgrade coming

I have a feeling that what Microsoft has done may be illegal in some countries.

At least in this country (Australia), there are laws to prevent companies retrospectively changing Terms and Conditions to the detriment of the customer.

If, when I purchased my Windows 8.1 license several years ago, there was nothing in the then T & C that gave Microsoft the right to change the support simply based on processor family, then to do so now and retrospectively is illegal and invalid.

My Windows 8.1 license, regardless of whether it’s running on a Celeron 300 or on the fastest Kaby Lake i7, entitles me to the support I agreed to when I purchased the license. And that includes updates.

And any general T & C clause like “And anything else that Microsoft decides” is worth less than any paper it could be printed on.

Caveat: I am not a lawyer. 🙂

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

UPDATE: We now have a confirmed sighting of the patch blocking notification on an A6-8570 processor, which is an older “6th generation” processor that should not be affected.

Another UPDATE: Ed Bott reminded me that Microsoft’s support for Skylake processors is limited to the specific machines linked from this Microsoft help post. Upshot is that Win7 and 8.1 patches will work on those specific machines, and may not work on others. In particular, if you build your own machine with a Skylake processor, Microsoft has made no guarantee that it will allow you to install Win7/8.1 patches on it.

I can’t find a similar list for AMD 6th generation processors. Please let me know if you find one!

He said specifically that “(Skylake-based) Systems that aren’t on the supported list will lose access to updates for older Windows versions as of July 17, 2018.” If that is true, this means that Skylake systems (other than those on that list) running Windows 7 or Windows 8.1 will only receive security updates until July 2018, i.e. the support will be terminated 1.5 years early for Windows 7, and 4.5 years early for Windows 8.1 for those systems.

It surely sounds as though my decision to stay with X99 will be a correct one as I intend to run Windows 7 and Windows 8.1 for at least several more years. I use VMware Workstation a lot, and it seems to me that this block may (will?) also affect Windows 7 and Windows 8.1 running in virtual machines under VMware Workstation on a Kaby Lake or Ryzen system as the CPU id of the host is visible to the virtual machines. That is simply unacceptable to me. I am aware that it may be possible to mask the CPU id of the host in the virtual machine but I would prefer not to do that.

But at the same time I am also thinking about the point Noel said above, which is that “If Microsoft terminates updates for Windows 7 and Windows 8.1 for some PCs, is it actually a bad thing for those users?” I certainly would want a choice to get updates or not, but with the quality of Microsoft updates as it is now, I certainly will be willing to go without updates in the future if it becomes necessary for the stability and usability of my own systems.

3 users thanked author for this post.

Hopefully someone can write a program to trick Windows update into thinking it’s running a different processor so we can still update. Or look at the update code that blocks the Kaby Lake, Ryzen, and a few other CPU’s and see how it checks and bypass it.

Why did Microsoft select these specific processors? They work fine on Windows 7 there are absolutely no compatibility issues at all. According to the Windows life cycle fact sheet the end of support is January 14, 2020. So if I get no security updates and my computer is full of security holes and something happens it’s on me then huh? Obviously Microsoft does not care about it’s customers. I have a genuine paid version of Windows 7 that is now useless your saying now. So here’s to you Microsoft! I may have no choice, but hey remember this? “Windows 10 free upgrade” well guess what I will get it for free I’m not paying for it! 🙂

These systems will be supported on Windows 7 and Windows 8.1 with all applicable security updates through the respective end of support dates. It is recommended that these systems be upgraded to Windows 10 as soon as possible.

To me this is a red flag which says that nobody should use Windows 7/8.1 on Skylake, even if it is “supported”, except for the period required to plan for upgrading.
Those who prefer to keep complaining instead of using their computer and fight for “the right thing”, may keep using Windows 7 / 8.1 on Skylake systems.
Those more practically-minded who are interested in a good outcome for them, should follow what the article says.

These systems will be supported on Windows 7 and Windows 8.1 with all applicable security updates through the respective end of support dates. It is recommended that these systems be upgraded to Windows 10 as soon as possible.

To me this is a red flag which says that nobody should use Windows 7/8.1 on Skylake, even if it is “supported”, except for the period required to plan for upgrading. Those who prefer to keep complaining instead of using their computer and fight for “the right thing”, may keep using Windows 7 / 8.1 on Skylake systems. Those more practically-minded who are interested in a good outcome for them, should follow what the article says.

How in your understanding does it mean I should install Windows 10?

To help provide greater flexibility for customers who have longer deployment timeframes to Windows 10, the support period for Windows 7 and Windows 8.1 devices on Skylake systems will be extended by one year: from July 17, 2017 to July 17, 2018.

Also, after July 2018, all critical Windows 7 and Windows 8.1 security updates will be addressed for Skylake systems until extended support ends for Windows 7, January 14, 2020 and Windows 8.1 on January 10, 2023.

Mainstream support for W8.1 ends on January 9, 2018. MS assures full support until July 2018 – i.e half a year after the deadline, where supposedly there should be only security fixes. Everybody knows there will be no feature updates to 8.1 anymore, so it does not really matter. Security fixes will be issued until 2023.

As long as 3rd party software supports 8.1, there is no urge to install Malware 10.

As to what Microsoft “recommends”: they’ve “recommended” to use Internet Explorer and Bing search engine for years. Did you follow their recommendation? 🙂

BTW: Woody, have you seen the positioning of askwoody.com @ Bing? While Google after searching for “askwoody” returns “askwoody.com” as a first result, in Bing it’s not even on the first page :).

1 user thanked author for this post.

The offending settings are carried (now) by the March PREVIEW Rollup. That will be included in the April “Security Monthly Quality ROLLUP.”

So, if you install ANY Preview Rollup beginning with the one for March and after or ANY Monthly ROLLUP beginning beginning with the one for April and after, you will be installing the Windows Update blocker for the affected processors.

That’s by no means any tested solution – it was rather thinking if this is possible. There are many more experienced users on this site (PKCano would one of the first that would come to my mind, actually) regarding these matters. Given that and the fact I’m not really willing to test it on VMs and surely not on my own computer, I’ll be closely watching their suggestions :).

With a custom built Win 7, Home Premium, almost 3 years old, how do I find out which processor I am using? All I know for certain is that it is an i3. Being computer illiterate I have no idea how to determine which processor. Does anyone have any ideas in such a situation?? I never expected to encounter the nightmare which has appeared with MS and its Win 10. Any and all ideas most appreciated.

1 user thanked author for this post.

radosuaf: Thank you so much for the information about the CPU I am running and the link you provided. This is a huge relief (IF MS doesn’t change its “mind” again). I was unaware that these CPU’s all have “names” until now. Very interesting.

I sincerely appreciate the information you’ve provided for me. I feel a little “safer” for now. I admire your expertise and willingness to help others who are “totally lost” without this help!

1 user thanked author for this post.

I’m wondering if any of the following methods could possibly work to circumvent this:

1. Create a “loader” similar to the well-known tool created by Daz for the purpose of piracy. (Not advocating piracy here, just using it as an example of a tool.) As I understood, the way it worked was to write to the MBR and load its own code to present a SLIC table to the operating system, which was not present in the actual system BIOS. If a new loader could be created which can spoof the cpuinfo presented to the Windows kernel as Haswell/Skylake or another AMD CPU, then it should probably successfully pass the Windows Update check. The downside to this method is that it would only work on MBR systems, not GPT, and it would only work with a native MBR (no third party whole disk encryption software).

2. Hook into the Windows Update process and bypassing or returning a different value for its CPU check result. This would probably be the most universal fix since it would work on any partition table. However, it would probably only work with the current client, and would need to be updated if there was ever a newer Windows Update client released.

3. Restoring the files for the old Windows Update client. I don’t know exactly what files and registry keys are changed in the April 2017 patch, and the fact that the update is cumulative makes it a little difficult to find out. Perhaps someone could reverse the cab files to find out. But if the old update client is installed, unless Microsoft FORCES the newer client in checking for updates, it should allow you to continue receiving updates. But, the old client would need to be restored each time a new WU client comes out. Also an sfc /scannow would overwrite the files. And it’s possible that Microsoft could break something in Windows Update, just like they did almost every month back in 2016, that would cause CPU usage to skyrocket unless you installed the new client.

This has actually already happened. I don’t have the exact source on hand because I’ve been browsing so many websites about this, but one person who got this update said that they had a 6th generation AMD CPU (not Bristol Ridge or Ryzen) and they were being blocked from getting updates.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.